There are two primary ways to conduct attack analysis to understand the threat landscape better and identify strengths/weaknesses of the underlying detection bots:

  1. Gap Analysis: Take known malicious indicators that were not flagged by the Forta Network, understand what type of attack/threat category each indicator is associated with, and understand why the detection bot designed to detect that threat category didn't identify the indicator as malicious.
  2. Attack Analysis Deep Dive: Take a particular threat category and do a deep dive on it.

Both opportunities are listed below in more detail:

Gap Analysis:

Use your security know-how to analyze and dissect hacks. Each month, a spreadsheet posted on this page will list addresses that were identified as scammers from a variety of sources but were not flagged by the Forta Network. Analyzing these addresses is an opportunity to improve understanding of the threat landscape and of the Forta Network's detection coverage, which can ultimately result in improvements to that coverage.

The spreadsheet with gaps is available here and will be updated on a monthly basis:

No more analysis will be performed after Aug 2023 in a bounty fashion.

2023_August - Unidentified Scammers (do not use)

2023_July - Unidentified Scammers (do not use)

2023_June - Unidentified Scammers (do not use)

2023_May - Unidentified Scammers (do not use)

2023 April - Unidentified Scammers (do not use)

Analysis done on any of the addresses in the spreadsheet will be helpful, which makes it a perfect micro-task. As you analyze addresses, please follow the process below for consistency:

For each address in the spreadsheet, capture the following information:

  1. Determine whether the address is a contract.
  2. As the data sources utilized may have precision issues, one needs to determine whether the address is incorrectly or correctly marked as a scammer.
  3. Assess (using the Forta Explorer) whether the scam detector detected this particular address (either the prod or beta version); ignore any alerts with a MANUAL alertId
  4. Capture why the scammer wasn’t detected. This may require investigating the logic of the underlying base bot (the base bots used by the scam detector are listed here: https://github.com/forta-network/starter-kits/blob/main/scam-detector-py/src/constants.py).
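
The four steps above as a triage helper for one spreadsheet address; this is an added example, not Forta's own code. It assumes the analyst has already fetched the address's `eth_getCode` result and its scam detector alerts; the `addresses` field name, the sample alert IDs and the placeholder address are constructed for illustration, and the EIP-7702 case goes beyond what the page covers.

```python
# Added example: triage of one spreadsheet address. All inputs are constructed.
MANUAL_TOKEN = "MANUAL"      # assumption: manual alerts carry this token in alertId
EIP7702_PREFIX = "ef0100"    # EIP-7702 delegation designator + 20-byte address


def classify_code(code_hex):
    """Step 1: classify an eth_getCode result fetched by the analyst."""
    code = code_hex.lower()
    if code.startswith("0x"):
        code = code[2:]
    if not code:
        # Empty code: an EOA, or a contract that self-destructed / is not deployed yet.
        return "no_code"
    if code.startswith(EIP7702_PREFIX) and len(code) == 2 * 23:
        # Still an EOA; it only delegates execution to another contract.
        return "delegated_eoa"
    return "contract"


def automated_hits(alerts, address):
    """Step 3: alertIds naming the address, with MANUAL alertIds ignored."""
    addr = address.lower()
    return [
        a["alertId"] for a in alerts
        if addr in (x.lower() for x in a.get("addresses", []))  # hypothetical field
        and MANUAL_TOKEN not in a["alertId"].upper()
    ]


def triage(address, code_hex, alerts, confirmed_scammer):
    """Combine steps 1-3; step 2 (confirmed_scammer) is the analyst's verdict."""
    hits = automated_hits(alerts, address)
    outcome = "gap"          # step 4: investigate the base bot logic
    if not confirmed_scammer:
        outcome = "source_false_positive"
    elif hits:
        outcome = "detected"
    return {"address": address, "code": classify_code(code_hex),
            "alert_ids": hits, "outcome": outcome}


# Constructed sample data: placeholder addresses and made-up alert IDs.
ADDR = "0x" + "ab" * 20
SAMPLE_ALERTS = [
    {"alertId": "EXAMPLE-MANUAL-ALERT", "addresses": ["0x" + "AB" * 20]},
    {"alertId": "EXAMPLE-AUTOMATED-ALERT", "addresses": ["0x" + "cd" * 20]},
]

print(triage(ADDR, "0x", SAMPLE_ALERTS, confirmed_scammer=True))
```

An address whose only alert is a manual one still comes out as a gap, which is the case the spreadsheet is meant to surface.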